From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: "Xu, Quan" <quan.xu@intel.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"mst@redhat.com" <mst@redhat.com>, Eric Blake <eblake@redhat.com>
Cc: Stefan Berger <stefanb@us.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 2/3] tpm: Probe for connected TPM 1.2 or TPM 2
Date: Sun, 12 Apr 2015 16:59:26 -0400
Message-ID: <552ADCAE.7070600@linux.vnet.ibm.com>
In-Reply-To: <945CA011AD5F084CBEA3E851C0AB28890E8DB967@SHSMSX101.ccr.corp.intel.com>

On 04/07/2015 04:54 AM, Xu, Quan wrote:
>
>> -----Original Message-----
>> From: Stefan Berger [mailto:stefanb@linux.vnet.ibm.com]
>> Sent: Wednesday, April 01, 2015 3:40 AM
>> To: qemu-devel@nongnu.org; mst@redhat.com
>> Cc: Xu, Quan; Stefan Berger; Stefan Berger
>> Subject: [PATCH 2/3] tpm: Probe for connected TPM 1.2 or TPM 2
>>
>> In the TPM passthrough backend driver, modify the probing code so that we can
>> check whether a TPM 1.2 or TPM 2 is being used and adapt the behavior of the
>> TPM TIS accordingly.
>>
>> Move the code that tested for a TPM 1.2 into tpm_utils.c and extend it with a test
>> for probing for TPM 2. Have the function return the version of TPM found.
>>
>> Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
>> ---
>>   hw/tpm/Makefile.objs     |   2 +-
>>   hw/tpm/tpm_int.h         |   6 +++
>>   hw/tpm/tpm_passthrough.c |  59 +++-------------------
>>   hw/tpm/tpm_util.c        | 126
>> +++++++++++++++++++++++++++++++++++++++++++++++
>>   hw/tpm/tpm_util.h        |  28 +++++++++++
>>   5 files changed, 167 insertions(+), 54 deletions(-)  create mode 100644
>> hw/tpm/tpm_util.c  create mode 100644 hw/tpm/tpm_util.h
>>
>> diff --git a/hw/tpm/Makefile.objs b/hw/tpm/Makefile.objs index
>> 99f5983..64cecc3 100644
>> --- a/hw/tpm/Makefile.objs
>> +++ b/hw/tpm/Makefile.objs
>> @@ -1,2 +1,2 @@
>>   common-obj-$(CONFIG_TPM_TIS) += tpm_tis.o
>> -common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
>> +common-obj-$(CONFIG_TPM_PASSTHROUGH) += tpm_passthrough.o
>> tpm_util.o
>> diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h index 24e12ce..edab824
>> 100644
>> --- a/hw/tpm/tpm_int.h
>> +++ b/hw/tpm/tpm_int.h
>> @@ -66,4 +66,10 @@ struct tpm_resp_hdr {  #define
>> TPM_ORD_ContinueSelfTest  0x53
>>   #define TPM_ORD_GetTicks          0xf1
>>
>> +
>> +/* TPM2 defines */
>> +#define TPM_ST_NO_SESSIONS        0x8001
>> +
>> +#define TPM_CC_ReadClock          0x00000181
>> +
> Could you define TPM2 macro definitions beginning with 'TPM2_*'?


Ok, will do.

[...]
> +/*
> + * Probe for the TPM device in the back
> + * Returns 0 on success with the version of the probed TPM set, 1 on failure.
> + */
> +int tpm_util_test_tpmdev(int tpm_fd, enum TPMVersion *tpm_version) {
> +    /*
> +     * Sending a TPM1.2 command to a TPM2 should return a TPM1.2
> +     * header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e)
> +     *
> +     * Sending a TPM2 command to a TPM 2 will give a TPM 2 tag in the
> +     * header.
> +     * Sending a TPM2 command to a TPM 1.2 will give a TPM 1.2 tag
> +     * in the header and an error code.
> +     */
> +    const struct tpm_req_hdr test_req = {
> +        .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND),
> +        .len = cpu_to_be32(sizeof(test_req)),
> +        .ordinal = cpu_to_be32(TPM_ORD_GetTicks),
> +    };
> +
> +    const struct tpm_req_hdr test_req_tpm2 = {
> +        .tag = cpu_to_be16(TPM_ST_NO_SESSIONS),
> +        .len = cpu_to_be32(sizeof(test_req_tpm2)),
> +        .ordinal = cpu_to_be32(TPM_CC_ReadClock),
> +    };
> +    uint16_t returnTag;
> +    int ret;
> +
> +    /* Send TPM 2 command */
> +    ret = tpm_util_test(tpm_fd, (unsigned char *)&test_req_tpm2,
> +                        sizeof(test_req_tpm2), &returnTag);
> +    /* TPM 2 would respond with a tag of TPM_ST_NO_SESSIONS */
> +    if (!ret && returnTag == TPM_ST_NO_SESSIONS) {
> +        *tpm_version = TPMVersion2_0;
> +        return 0;
> +    }
> +
> +    /* Send TPM 1.2 command */
> +    ret = tpm_util_test(tpm_fd, (unsigned char *)&test_req,
> +                        sizeof(test_req), &returnTag);
> +    if (!ret && returnTag == TPM_TAG_RSP_COMMAND) {
> +        *tpm_version = TPMVersion1_2;
> +        /* this is a TPM 1.2 */
> +        return 0;
> +    }
> +
> +    *tpm_version = TPMVersion_Unspec;
> +
> +    return 1;
> +}
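
Review bot: the TPM 1.2 branch (`if (!ret && returnTag == TPM_TAG_RSP_COMMAND)`) decides on the response tag alone, yet the comment at the top of the function says a TPM 2 answers a TPM 1.2 command with a TPM 1.2 header (tag = 0xc4) and TPM_BADTAG. If the preceding ReadClock probe does not succeed on a TPM 2 (tpm_util_test returns non-zero, or the tag is not TPM_ST_NO_SESSIONS), the function falls through and the GetTicks response would be taken as proof of a TPM 1.2, so the TIS would be configured for the wrong device. Suggest having tpm_util_test also hand back the response's error code and rejecting TPM_BADTAG in this branch, so that such a device ends up as TPMVersion_Unspec with return value 1. Smaller points: the header comment documents that the version is set on success but not that `*tpm_version` becomes TPMVersion_Unspec on failure, and `returnTag` is mixed case next to the lower-case `ret`.
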
>
> In my opinion, I prefer to point out tpm_version in QEMU command line options, then
> tpm_util_test_tpmdev() tries to verify it.

The only reason why I am not doing this is that libvirt, for example,
will need to probe for whether the additional parameter indicating the
TPM version is supported. Besides that, I thought it should be possible
to probe on any platform and get a reliable result.

Maybe Eric has a comment. I have recently seen a discussion where an 
additional parameter to an existing option was to be added, but cannot 
remember which option that was.

    Stefan
